Operating method, apparatus and system for media stream transmission key

ABSTRACT

An operating method for a media stream transmission key includes: detecting, by a media gateway, lifetime status information of a media stream transmission key; and when the media gateway determines that a lifetime of the media stream transmission key expires, executing, by the media gateway, a media stream transmission key lifetime expiry behavior according to an instruction of a media gateway controller. The embodiments of the present invention fill a technical gap that an operation is performed on a lifetime status of a media stream transmission key in an architecture where an MG and an MGC are separated.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Reissue Application of patent application Ser. No.13/489,872, filed on Jun. 6, 2012, issued as U.S. Pat. No. 9,130,961 onSep. 8, 2015, which is a continuation of International Application No.PCT/CN2010/070637, filed on Feb. 11, 2010, which is hereby incorporatedby reference in its entirety.

FIELD OF THE INVENTION

The present invention relates to the field of communicationstechnologies, and in particular, to an operating method, apparatus andsystem for a media stream transmission key.

BACKGROUND OF THE INVENTION

In an architecture where bearer and control are separated, a gatewaycontrol protocol, for example, H.248, is usually adopted as a controlprotocol between a service layer control entity and a media planeexecution entity. In this mechanism, the media plane execution entityincludes a media gateway (Media Gateway, MG), and the service layercontrol entity includes a media gateway controller (Media GatewayController, MGC).

With wide application of an IP service, a security issue of datatransmission on a network becomes more and more important. It can beseen from the perspective of a protocol that, security of the IP servicemainly includes two aspects: One is security of a control plane and theother is security of a media plane.

The real-time transport protocol (Real-Time Transport Protocol, RTP),formulated by the Internet Engineering Task Force (Internet EngineeringTask Force, IETF), is a protocol designed for multimedia data streamtransmission. The RTP is responsible for multimedia data transmission,while the real-time transport control protocol (RTP Control Protocol,RTCP) provides functions such as quality of service monitoring,congestion control and media synchronization. The RTP provides a certaindegree of confidentiality, and may encrypt an RTP payload. However, adefault algorithm of the RTP is easy to be cracked. The IETF extends theRTP protocol, and puts forward the Secure Real-Time Transport Protocol(Secure Real-time Transport Protocol, SRTP). Usually, SRTP keyinformation used in a session is negotiated through the Sessioninitialization Protocol (Session Initiation Protocol, SIP), and keyinformation is transmitted through interaction between the service layercontrol entity and the media plane execution entity. In this way, asecurity function of the media plane is implemented.

In a current network scenario, although receiving and using a mediastream transmission key are supported at service and bearer layers, anoperation cannot be performed on a lifetime status of the media streamtransmission key.

SUMMARY OF THE INVENTION

Embodiments of the present invention provide an operating method,apparatus and system for a media stream transmission key, so as to solvea problem that an operation cannot be performed on a lifetime status ofa media stream transmission key.

An embodiment of the present invention provides an operating method fora media stream transmission key, including:

detecting, by a media gateway, lifetime status information of a mediastream transmission key; and

when the media gateway determines that a lifetime of the media streamtransmission key expires, executing, by the media gateway, a mediastream transmission key lifetime expiry behavior according to aninstruction of a media gateway controller.

An embodiment of the present invention further provides a media gateway,including a detecting module, a judging module and an operating module,where

the detecting module is configured to detect lifetime status informationof a media stream transmission key;

the judging module is configured to judge whether the lifetime of themedia stream transmission key expires; and

the operating module is configured to execute a media streamtransmission key lifetime expiry behavior according to an instruction ofa media gateway controller, when the judging module determines that alifetime of the media stream transmission key expires.

An embodiment of the present invention further provides an operatingsystem for a media stream transmission key, including a media gatewaycontroller and a media gateway, where

the media gateway controller is configured to send a key expiry event tothe media gateway; and

the media gateway is configured to receive the key expiry event that issent by the media gateway controller, detect lifetime status informationof a media stream transmission key according to the received key expiryevent that is delivered by the media gateway controller; judge whetherthe lifetime of the media stream transmission key expires; and When itis determined that a lifetime of the media stream transmission keyexpires, execute a media stream transmission key lifetime expirybehavior according to an instruction of the media gateway controller.

In the embodiments of the present invention, when the media gatewaydetermines that the lifetime of the media stream transmission keyexpires, the media gateway executes the media stream transmission keylifetime expiry behavior according to the instruction of the mediagateway controller. The embodiments fill a technical gap that anoperation is performed on a lifetime status of a media streamtransmission key in an architecture where an MG and an MGC areseparated.

BRIEF DESCRIPTION OF THE DRAWINGS

To describe the technical solutions in the embodiments of the presentinvention or in the prior art more clearly, the accompanying drawingsrequired for describing the embodiments or the prior art are introducedbriefly in the following. Apparently, the accompanying drawings in thefollowing description are only some embodiments of the presentinvention, and persons of ordinary skill in the art may also deriveother drawings from these accompanying drawings without creativeefforts.

FIG. 1 is a flowchart of an operating method for a media streamtransmission key according to an embodiment of the present invention;

FIG. 2 is a flowchart of an operating method for a media streamtransmission key according to another embodiment of the presentinvention;

FIG. 3 is a flowchart of an operating method for a media streamtransmission key according to another embodiment of the presentinvention;

FIG. 4 is a flowchart of an operating method for a media streamtransmission key according to another embodiment of the presentinvention;

FIG. 5 is a signaling flowchart of a method according to an embodimentof the present invention;

FIG. 6 is a schematic structural diagram of a media gateway according toan embodiment of the present invention;

FIG. 7 is a schematic structural diagram of a media gateway according toanother embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a media gateway controlleraccording to an embodiment of the present invention; and

FIG. 9 is a schematic structural diagram of an operating system for amedia stream transmission key according to an embodiment of the presentinvention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The technical solutions in the embodiments of the present invention areclearly and fully described in the following with reference to theaccompanying drawings in the embodiments of the present invention.Apparently, the embodiments to be described are only a part rather thanall of the embodiments of the present invention. Based on theembodiments of the present invention, all other embodiments obtained bypersons of ordinary skill in the art without creative efforts shall fallwithin the protection scope of the present invention.

In order to adapt to different application scenarios and enhance guardof a network against different potential security hazards, differentkeys are often deployed and applied in different time segments andfields. Therefore, a large number of different media stream transmissionkeys exist on the network. Each transmission key is corresponding to adifferent lifetime, and a lifetime determines generation time of a newkey.

FIG. 1 is a flowchart of an operating method for a media streamtransmission key according to an embodiment of the present invention. Asshown in FIG. 1, the method in this embodiment includes:

Step 101: A media gateway detects lifetime status information of a mediastream transmission key.

For example, an MG may detect lifetime status information of a mediastream transmission key according to a received key expiry event. Thekey expiry event is delivered by a media gateway controller to the mediagateway, and definitely, may also be preset on the media gateway.

In a specific implementation process, in this embodiment, an event maybe extended in an existing H.248 protocol-based feature pack or anextension feature pack. For example, the event may be named as a “keyexpiry (Key Expiry)” event, which is abbreviated as “ke”. When the MGreceives a key expiry event delivered by an MGC, the MG may be triggeredto detect lifetime status information of a media stream transmissionkey.

Step 102: When the media gateway determines that a lifetime of the mediastream transmission key expires, the media gateway executes a mediastream transmission key lifetime expiry behavior according to aninstruction of a media gateway controller.

For example, the media gateway detects lifetime status information ofthe media stream transmission key, and performs judgment on the detectedlifetime status information of the media stream transmission key; whenthe media gateway determines that the lifetime of the media streamtransmission key expires, the media gateway may execute the media streamtransmission key lifetime expiry behavior according to the instructionof the media gateway controller.

For example, a condition for determining that the lifetime of the mediastream transmission key expires may be: If the number of packets thatare transmitted using the same media stream transmission key reaches themaximum number that is set for the media stream transmission key, and atthis time, the media stream transmission key is still not updated, itmay be determined that the lifetime of the media stream transmission keyexpires.

When the lifetime of the media stream transmission key expires, in orderthat the MGC instructs the MG to execute a corresponding media streamtransmission key lifetime expiry behavior. In this embodiment, aparameter may be extended in the “key expiry” event. For example, theparameter may be named as a “key lifetime expiry behavior (Key LifetimeExpiry Behaviour)” parameter, which is abbreviated as “kleb”, toinstruct the MG to execute the corresponding media stream transmissionkey lifetime expiry behavior. When receiving a media stream transmissionkey lifetime expiry behavior parameter that is instructed by the MGC,the MG may execute the corresponding media stream transmission keylifetime expiry behavior when the media stream transmission key expires.

For example, a parameter type of the “key lifetime expiry behavior”parameter may be defined as an enumeration type (Enumeration), andpossible values of the parameter include at least one of the following:

a media gateway autonomous behavior, that is, a media gateway determinedaction (MG determined action). At this time, the media gateway does notneed to further ask for an instruction from the media gatewaycontroller, and may determine a processing behavior independently. Forexample, a value of the parameter may be defined as 0×0001; or

the media gateway closes a media stream and sends a media stream closemessage (for example, RTCP BYE). For example, a value of the parametermay be defined as 0×0002; or

the media gateway reports a key expiry event to the media gatewaycontroller, and does not send a media stream close message (for example,RTCP BYE). For example, a value of the parameter may be defined as0×0003; or

the media gateway reports a key expiry event to the media gatewaycontroller, closes a media stream and sends a media stream close message(for example, RTCP BYE). For example, a value of the parameter may bedefined as 0×0004.

In this embodiment, an object to which the media gateway sends the mediastream close message is another network entity at a bearer layer, forexample, user equipment (User Equipment, UE). The media gateway may sendan RTCP BYE message to a network entity at a bearer lay at a peer end,so as to close a media stream on a bearer plane.

In this embodiment, the media gateway reports a key expiry event to themedia gateway controller. That is, when the MG notifies the MGC througha gateway control protocol message, the message carries a key expiryevent. In order that the MG may notify the MGC timely before thelifetime of the media stream transmission key expires, a key expiryinstruction parameter may also be carried in a reported key expiryevent, where whether a current media stream transmission key is stillused is indicated through different values of the instruction parameter.For example, the instruction parameter may be defined as a Boolean type(Boolean). A value “On” indicates that the number of applied mediastream packets of the current media stream transmission key reaches themaximum value of a key lifetime. That is, a lifetime of the currentmedia stream transmission key expires. A value “Off” indicates that thenumber of applied media stream packets of the current media streamtransmission key does not reach the maximum value of the key lifetime.

In this embodiment, when the key expiry event is delivered by the MGC tothe MG, the “key lifetime expiry behavior” parameter may be carried inthe key expiry event and delivered to the MG together; and definitely,the “key lifetime expiry behavior” parameter may also be deliveredseparately. When the key expiry event is preset on the media gateway,the MGC delivers the “key lifetime expiry behavior” parameter to the MGseparately.

In this embodiment, when the media gateway determines that the lifetimeof the media stream transmission key expires, the media gateway mayexecute the media stream transmission key lifetime expiry behavioraccording to the instruction of the media gateway controller. Thisembodiment fills a technical gap that an operation is performed on alifetime status of a media stream transmission key in an architecturewhere the MG and the MGC are separated. Moreover, by detecting thelifetime status of the media stream transmission. key, securetransmission of a media stream may be implemented.

When a media stream is transmitted, usually one or more differenttransmission keys are involved, for example, a master key (Master Key)and a session key (Session Key) may be included. In this circumstance,the foregoing mechanism may be enhanced to implement lifetime expiryoperations of different granularities.

In an operating method for a media stream transmission key according toanother embodiment of the present invention, a key expiry “(Key Expiry)”event may be specific. For example, in order to implement detection of amaster key, a specific “master key expiry (Master Key Expiry)” event maybe defined, which is abbreviated as “mke”. This embodiment may includethe following steps.

201: When a media gateway receives a master key expiry “mke” event thatis delivered by a media gateway controller, the media gateway may betriggered to detect lifetime status information of a media streamtransmission master key.

202: When the media gateway determines that a lifetime of the mediastream transmission master key expires, the media gateway executes amedia stream transmission key lifetime expiry behavior according to aninstruction of the media gateway controller.

For a specific judging condition, reference may be made to thedescription in the first embodiment.

For a specific method in which an MGC instructs an MG to execute acorresponding media stream transmission key lifetime expiry behavior,reference may be made to the description in the first embodiment.

In an operating method for a media stream transmission key according toanother embodiment of the present invention, media stream transmissionkeys may be classified to implement lifetime expiry behaviors fordifferent types of media stream transmission keys. For example, a “keytype (Key Type)” parameter may be defined in the “key expiry” event, andis abbreviated as “kt”, where a value of the parameter may include amaster key and a session key, so as to implement detection of lifetimestatuses for different types of media stream transmission keys. Thisembodiment may include the following steps.

301: When a media gateway receives a key expiry event including a keytype “kt” parameter, where the key expiry event is delivered by a mediagateway controller, the media gateway may be triggered to detectlifetime status information of a specified type of media streamtransmission key.

302: When the media gateway determines that a lifetime of the specifiedtype of media stream transmission key expires, the media gatewayexecutes a media stream transmission key lifetime expiry behavioraccording to an instruction of the media gateway controller.

For a specific judging condition, reference may be made to thedescription in the first embodiment.

For a specific method in which an MGC instructs an MG to execute acorresponding media stream transmission key lifetime expiry behavior,reference may be made to the description in the first embodiment.

In an operating method for a media stream transmission key according toanother embodiment of the present invention, a media stream transmissionkey may be identified to implement a lifetime expiry behavior for aspecific media stream transmission key. For example, a “key identifier(Key Identifier)” parameter may be defined in the “key expiry” event andis abbreviated as “ki”, where a value of the parameter may be a specifickey. This embodiment may include the following steps.

401: When a media gateway receives a key expiry event including a keyidentifier “ki” parameter, where the key expiry event is delivered by amedia gateway controller, the media gateway may be triggered to detectlifetime status information of a media stream transmission key with aspecified identifier.

402: When the media gateway determines that a lifetime of the mediastream transmission key with the specified identifier expires, the mediagateway executes a media stream transmission key lifetime expirybehavior according to an instruction of the media gateway controller.

For a specific judging condition, reference may be made to thedescription in the first embodiment.

For a specific method in which an MGC instructs an MG to execute acorresponding media stream transmission key lifetime expiry behavior,reference may be made to the description in the first embodiment.

In the operating methods for a media stream transmission key accordingto the foregoing embodiments of the present invention, the key expiry“(Key Expiry)” event may be specific, media stream transmission keys maybe classified, or a media stream transmission key may be identified.When the media gateway determines that a lifetime of a specific mediastream transmission key, a lifetime of a specified type of media streamtransmission key, or a lifetime of a media stream transmission key witha specified identifier expires, the media gateway executes a mediastream transmission key lifetime expiry behavior according to theinstruction of the media gateway controller. The foregoing embodimentsof the present invention fill a technical gap that an operation isperformed on a lifetime status of a media stream transmission key in anarchitecture where an MG and an MGC are separated. Moreover, bydetecting the lifetime status of the media stream transmission key,secure transmission of a media stream may be implemented.

FIG. 5 is a signaling flowchart of a method according to an embodimentof the present invention. As shown in FIG. 5, the method in thisembodiment includes:

Step 501: An MGC negotiates key information to be adopted in mediastream transmission with an MG. Here, the key information may benegotiated and determined by a service layer to which the MGC belongs,and may also be generated by the MGC based on a local policy and thenindicated to the MG.

Step 502: The MG starts receiving and sending a key-protected mediastream according to an instruction of the MGC, including encrypting amedia stream to be sent, and decrypting a received media stream.

Step 503: Taking a user terminal as an example, the MG and the userterminal start secure transmission of a media stream.

Step 504: The MGC sends a detection event request of media streamtransmission key lifetime status information to the MG, where a “keyexpiry (ke)” event is included, and the “key expiry (ke)” event carriesa “key lifetime expiry behavior (kleb)” parameter. In this example, avalue of the “key lifetime expiry behavior (kleb)” parameter is“0×0004”. That is, when a lifetime of a media stream transmission keyexpires, a media gateway reports a key expiry event to a media gatewaycontroller, closes a media stream and sends a media stream close message(for example, RTCP BYE).

Step 505: The MG sends a response message to the MGC.

Step 506: The MG detects lifetime status information of a correspondingmedia stream transmission key, and performs judgment on the detectedlifetime status information of the media stream transmission key.

Step 507: When determining that a lifetime of the media streamtransmission key expires, the MG executes a media stream transmissionkey lifetime expiry behavior according to an instruction of the MGC,which specifically includes: The MG reports a key expiry event to theMGC.

Step 508: The MGC sends a response message to the MG.

Step 509: The MG executes the media stream transmission key lifetimeexpiry behavior according to the instruction of the MGC, whichspecifically includes: The MG sends an RTCP BYE message to the userterminal and closes the media stream.

This embodiment fills a technical gap that an operation is performed ona lifetime status of a media stream transmission key in an architecturewhere an MG and an MGC are separated. Moreover, by detecting thelifetime status of the media stream transmission key, securetransmission of a media stream may be implemented.

The foregoing takes a media stream transmission key as an example. Whenmultiple different transmission keys are involved, a key expiry “(KeyExpiry)” event may be specific. For example, in order to detect a masterkey, a “master key expiry mke” event may be defined. Alternatively,media stream transmission keys may be classified to implement lifetimeexpiry behaviors of different types of media stream transmission keys.For example, a “key type kt” parameter may be defined in a “key expiry(ke)” event. Alternatively, a media stream transmission key may beidentified to implement a lifetime expiry behavior of a specific mediastream transmission key. For example, a “key identifier ki” parametermay be defined in the “key expiry (ke)” event, where a value of theparameter may be a specific key. Specific signaling flowcharts of theforegoing embodiments are not described in detail here.

An embodiment of the present invention further provides a schematicstructural diagram of an operating apparatus for a media streamtransmission key, which is described by taking a media gateway as anexample.

FIG. 6 is a schematic structural diagram of a media gateway according toan embodiment of the present invention. As shown in FIG. 6, the mediagateway in this embodiment includes: a detecting module 11, a judgingmodule 12, and an operating module 13, where the detecting module 11 isconfigured to detect lifetime status information of a media streamtransmission key; the judging module 12 is configured to judge whetherthe lifetime status information of the media stream transmission keyexpires; and the operating module 13 is configured to execute a mediastream transmission key lifetime expiry behavior according to aninstruction of a media gateway controller, when the judging module 12determines that a lifetime of the media stream transmission key expires.

The media gateway in this embodiment is corresponding to the operatingmethod for the media stream transmission key in the embodiment shown inFIG. 1, and a specific implementation principle is not described indetail here.

FIG. 7 is a schematic structural diagram of a media gateway according toanother embodiment of the present invention. As shown in FIG. 7, themedia gateway in this embodiment includes: a detecting module 11, ajudging module 12, and an operating module 13, and further includes: areceiving module 14, where the receiving module 14 is configured toreceive a key expiry event that is delivered by a media gatewaycontroller; the detecting module 11 is configured to detect lifetimestatus information of a media stream transmission key according to thekey expiry event that is delivered by the media gateway controller andreceived by the receiving module 14; the judging module 12 is configuredto judge whether the lifetime status information of the media streamtransmission key expires; and the operating module 13 is configured toexecute a media stream transmission key lifetime expiry behavioraccording to an instruction of the media gateway controller, when thejudging module 12 determines that a lifetime of the media streamtransmission key expires.

Optionally, the receiving module 14 is configured to receive a “masterkey expiry mke” event that is delivered by the media gateway controller,the detecting module 11 is configured to detect lifetime statusinformation of a media stream transmission master key according to themaster key expiry event that is delivered by the media gatewaycontroller and received by the receiving module 14; the judging module12 is configured to judge whether the lifetime status information of themedia stream transmission master key expires; and the operating module13 is configured to execute a media stream transmission key lifetimeexpiry behavior according to an instruction of the media gatewaycontroller, when the judging module 12 determines that a lifetime of themedia stream transmission master key expires.

The media gateway in this embodiment is corresponding to the operatingmethod for the media stream transmission key in the embodiment shown inFIG. 2, and a specific implementation principle is not described indetail here.

Optionally, the receiving module 14 is further configured to receive akey expiry event including a key type “kt” parameter, where the keyexpiry event is delivered by the media gateway controller; the detectingmodule 11 is configured to detect lifetime status information of aspecified type of media stream transmission key according to the keyexpiry event that is delivered by the media gateway controller andreceived by the receiving module 14; the judging module 12 is configuredto judge whether the lifetime status information of the specified typeof media stream transmission key expires; and the operating module 13 isconfigured to execute a media stream transmission key lifetime expirybehavior according to an instruction of the media gateway controller,when the judging module 12 determines that a lifetime of the specifiedtype of media stream transmission key expires.

The media gateway in this embodiment corresponds to the operating methodfor the media stream transmission key in the embodiment shown in FIG. 3,and a specific implementation principle is not described in detail here.

Optionally, the receiving module 14 is further configured to receive akey expiry event including a key identifier “ki” parameter, where thekey expiry event is delivered by the media gateway controller; thedetecting module 11 is configured to detect lifetime status informationof a media stream transmission key with a specified identifier accordingto the key expiry event that is delivered by the media gatewaycontroller and received by the receiving module 14; the judging module12 is configured to judge whether the lifetime status information of themedia stream transmission key with the specified identifier expires; andthe operating module 13 is configured to execute a media streamtransmission key lifetime expiry behavior according to an instruction ofthe media gateway controller, when the judging module 12 determines thata lifetime of the media stream transmission key with the specifiedidentifier expires.

The media gateway in this embodiment corresponds to the operating methodfor the media stream transmission key in the embodiment shown in FIG. 4,and a specific implementation principle is not described in detail here.

Optionally, the receiving module 14 is further configured to receive akey expiry event including a “key lifetime expiry behavior (Key LifetimeExpiry Behaviour)” parameter, where the key expiry event is delivered bythe media gateway controller; the operating module 13 is configured toexecute a media stream transmission key lifetime expiry behavioraccording to an instruction of the “key lifetime expiry behavior (KeyLifetime Expiry Behaviour)” parameter delivered by the media gatewaycontroller, when the judging module 12 determines that a lifetime of themedia stream transmission key expires.

Specifically, a parameter type of the “key lifetime expiry behavior”parameter may be defined as an enumeration type (Enumeration), andpossible values of the parameter include at least one of the following:

a media gateway autonomous behavior, that is, a media gateway determinedaction (MG determined action), at this time, the media gateway does notneed to further ask for an instruction from the media gatewaycontroller, and may determine a processing behavior independently. Forexample, a value of the parameter may be defined as 0×0001; or

the media gateway closes a media stream and sends a media stream closemessage (for example, RTCP BYE). For example, a value of the parametermay be defined as 0×0002; or

the media gateway reports a key expiry event to the media gatewaycontroller, and does not send a media stream close message (for example,RTCP BYE). For example, a value of the parameter may be defined as0×0003; or

the media gateway reports a key expiry event to the media gatewaycontroller, closes a media stream and sends a media stream close message(for example, RTCP BYE). For example, a value of the parameter may bedefined as 0×0004.

In the foregoing media gateway embodiments, when the judging moduledetermines that the lifetime of the media stream transmission keyexpires, the operating module may execute the media stream transmissionkey lifetime expiry behavior according to the instruction of the mediagateway controller. This embodiment fills a technical gap that anoperation is performed on a lifetime status of a media streamtransmission key in an architecture where an MG and an MGC areseparated. Moreover, by detecting the lifetime status of the mediastream transmission key, secure transmission of a media stream may beimplemented.

FIG. 8 is a schematic structural diagram of a media gateway controlleraccording to an embodiment of the present invention. As shown in FIG. 8,the media gateway controller in this embodiment includes: a sendingmodule 21, where the sending module 21 is configured to deliver a keyexpiry event to a media gateway, so that the media gateway detectslifetime status information of a media stream transmission key accordingto the key expiry event.

Optionally, the sending module 21 is configured to deliver a “master keyexpiry mke” event to the media gateway.

Optionally, the sending module 21 is configured to deliver a key expiryevent including a key type “kt” parameter to the media gateway.

Optionally, the sending module 21 is configured to deliver a key expiryevent including a key identifier “ki” parameter to the media gateway.

Optionally, the sending module 21 is configured to deliver a key expiryevent including a “key lifetime expiry behavior (Key Lifetime ExpiryBehaviour)” parameter to the media gateway. When the “key lifetimeexpiry behavior (Key Lifetime Expiry Behaviour)” parameter includes akey expiry event that is reported by the media gateway to the mediagateway controller, the media gateway controller further includes areceiving module 22, configured to receive the key expiry event that isreported by the media gateway.

The media gateway controller in this embodiment is corresponding to theoperating method embodiments of the media stream transmission key, and aspecific implementation principle is not described in detail here.

FIG. 9 is a schematic structural diagram of an operating system for amedia stream transmission key. As show in FIG. 9, the operating systemfor a media stream transmission key in this embodiment includes: a mediagateway controller 2 and a media gateway 1, where the media gatewaycontroller 2 is configured to send a key expiry event to the mediagateway 1; and the media gateway 1 is configured to receive the keyexpiry event that is sent by the media gateway controller 2, detectlifetime status information of a media stream transmission key accordingto the received key expiry event that is delivered by the media gatewaycontroller, judge whether the lifetime status information of the mediastream transmission key expires, and execute a media stream transmissionkey lifetime expiry behavior according to an instruction of the mediagateway controller, when determining that a lifetime of the media streamtransmission key expires.

The foregoing system embodiment is corresponding to the operating methodembodiments of the media stream transmission key, and a specificimplementation principle is not described in detail here.

The foregoing system embodiment fills a technical gap that an operationis performed on a lifetime status of a media stream transmission key inan architecture where an MG and an MGC are separated. Moreover, bydetecting the lifetime status of the media stream transmission key,secure transmission of a media stream may be implemented.

Finally, it should be noted that the forgoing embodiments are merelyused for describing the technical solutions of the present invention,but are not intended to limit the present invention. It should beunderstood by persons of ordinary skill in the art that although thepresent invention has been described in detail with reference toexemplary embodiments, modifications or equivalent replacements maystill be made to the technical solutions of the present invention,however, these modifications or equivalent replacements cannot make themodified technical solutions depart from the spirit and scope of thetechnical solutions of the present invention.

What is claimed is:
 1. An operating method for a media streamtransmission key, comprising: receiving, by a media gateway, a keyexpiry event including a key lifetime expiry behavior parameterdelivered by a media gateway controller, wherein the key lifetime expirybehavior parameter instructs the media gateway to execute, when themedia stream transmission key expires, a corresponding key lifetimeexpiry behavior; detecting, by the media gateway, lifetime statusinformation of a the media stream transmission key according to thereceived key expiry event; and when the media gateway determines that alifetime of the media stream transmission key expires, executing, by themedia gateway, the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter delivered by the media gatewaycontroller; wherein the key lifetime expiry behavior corresponding tothe key lifetime expiry behavior parameter comprises at least one of thefollowing: closing a media stream and sending a media stream closemessage, or reporting the key expiry event to the media gatewaycontroller, without sending a media stream close message, wherein thereported key expiry event carries a key expiry indication parameterwhich indicates whether or not the media stream transmission key isstill used.
 2. The method according to claim 1, wherein the key expiryevent comprises a key type parameter, and the media gateway detectslifetime status information of the media stream transmission key of aspecified type according to the key expiry event comprising the key typeparameter; when the media gateway determines that a lifetime of themedia stream transmission key of the specified type expires, the mediagateway executes the key lifetime expiry behavior corresponding to thekey lifetime expiry behavior parameter of the media gateway controller.3. The method according to claim 1, wherein the key expiry eventcomprises a key identifier parameter, and the media gateway detectslifetime status information of a the media stream transmission key witha specified identifier according to the key expiry event comprising thekey identifier parameter; when the media gateway determines that alifetime of the media stream transmission key with the specifiedidentifier expires, the media gateway executes the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parameter ofthe media gateway controller.
 4. The method according to claim 1,wherein the key expiry event is a master key expiry event, and the mediagateway detects lifetime status information of a media streamtransmission master key according to the received master key expiryevent; when the media gateway determines that a lifetime of the mediastream transmission master key expires, the media gateway executes thekey lifetime expiry behavior corresponding to the key lifetime expirybehavior parameter of the media gateway controller.
 5. The methodaccording to claim 1, wherein a condition for determining that alifetime of the media stream transmission key expires is that, thenumber of packets that are transmitted by using the media streamtransmission key reaches a maximum number that is set for the mediastream transmission key.
 6. A media gateway, comprising a receivingmodule, a detecting module, a judging module and an operating module,wherein the receiving module is configured to receive a key expiry eventincluding a key lifetime expiry behavior parameter that are delivered bya media gateway controller, wherein the key lifetime expiry behaviorparameter instructs the media gateway to execute, when the media streamtransmission key expires, a corresponding key lifetime expiry behavior;the detecting module is configured to detect lifetime status informationof a media stream transmission key according to the key expiry eventthat is delivered by the media gateway controller and received by thereceiving module; the judging module is configured to judge whether thelifetime of the media stream transmission key expires; and the operatingmodule is configured to execute the key lifetime expiry behaviorcorresponding to the key lifetime expiry behavior parameter delivered bya media gateway controller, when the judging module determines that thelifetime of the media stream transmission key expires; wherein the keylifetime expiry behavior corresponding to the key lifetime expirybehavior parameter comprises at least one of the following: closing amedia stream and sending a media stream close message, or reporting thekey expiry event to the media gateway controller, without sending amedia stream close message, wherein the reported key expiry eventcarries a key expiry indication parameter which indicates whether or notthe media stream transmission key is still used.
 7. The media gatewayaccording to claim 6, wherein the receiving module is further configuredto receive a key expiry event comprising a key type parameter; thedetecting module is configured to detect lifetime status information ofmedia stream transmission key of a specified type according to the keyexpiry event that is delivered by the media gateway controller andreceived by the receiving module; the judging module is configured tojudge whether the lifetime status information of media streamtransmission key of the specified type expires; and the operating moduleis configured to execute the media stream transmission key lifetimeexpiry behavior corresponding to the key lifetime expiry behaviorparameter of the media gateway controller, when the judging moduledetermines that a lifetime of media stream transmission key of thespecified type expires.
 8. An operating system for a media streamtransmission key, comprising a media gateway controller and a mediagateway, wherein the media gateway controller comprising a memory and aprocessor, and when executable program code stored in the memory isexecuted by the processor, the media gateway controller is configuredcaused to send a key expiry event including a key lifetime expirybehavior parameter to the media gateway, wherein the key lifetime expirybehavior parameter instructs the media gateway to execute, when themedia stream transmission key expires, a corresponding key lifetimeexpiry behavior; and wherein the media gateway comprising a memory and aprocessor, and when executable program code stored in the memory isexecuted by the processor, the media gateway is configuredcaused toreceive the key expiry event and the key lifetime expiry behaviorparameter sent by the media gateway controller; according to thereceived key expiry event that is delivered by the media gatewaycontroller, detect lifetime status information of a the media streamtransmission key; judge whether the lifetime of the media streamtransmission key expires; and when determining that the lifetime of themedia stream transmission key expires, execute the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parametersent by the media gateway controller; wherein the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parametercomprises at least one of the following: closing a media stream andsending a media stream close message, or reporting the key expiry eventto the media gateway controller, without sending a media stream closemessage, wherein the reported key expiry event carries a key expiryindication parameter which indicates whether or not the media streamtransmission key is still used.
 9. The media gateway according to claim6, wherein the receiving module is further configured to receive a keyexpiry event comprising a key identifier parameter; the detecting moduleis configured to detect lifetime status information of a media streamtransmission key with a specified identifier according to the key expiryevent that is delivered by the media gateway controller and received bythe receiving module; the judging module is configured to judge whetherthe lifetime status information of the media stream transmission keywith the specified identifier expires; and the operating module isconfigured to execute the key lifetime expiry behavior corresponding tothe key lifetime expiry behavior parameter of the media gatewaycontroller, when the judging module determines that a lifetime of themedia stream transmission key with the specified identifier expires. 10.The media gateway according to claim 6, wherein the receiving module isfurther configured to receive a master key expiry event; the detectingmodule is configured to detect lifetime status information of a mediastream transmission master key according to the master key expiry event;the judging module is configured to judge whether the lifetime statusinformation of the media stream transmission master key expires; and theoperating module is configured to execute the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parameter ofthe media gateway controller, when the judging module determines that alifetime of the media stream transmission master key expires.
 11. Themedia gateway according to claim 6, wherein a condition for determiningthat a lifetime of the media stream transmission key expires is that,the number of packets that are transmitted by using the media streamtransmission key reaches a maximum number that is set for the mediastream transmission key.
 12. The system according to claim 8, whereinthe key expiry event comprises a key type parameter; the media gatewayis configured caused to detect lifetime status information of the mediastream transmission key of a specified type according to the key expiryevent comprising the key type parameter; when determining that alifetime of the media stream transmission key of the specified typeexpires, to execute the key lifetime expiry behavior corresponding tothe key lifetime expiry behavior parameter of the media gatewaycontroller.
 13. The system according to claim 8, wherein the key expiryevent comprises a key identifier parameter; the media gateway isconfigured caused to detect lifetime status information of a the mediastream transmission key with a specified identifier according to the keyexpiry event comprising the key identifier parameter; when determiningthat a lifetime of the media stream transmission key with the specifiedidentifier expires, to execute the key lifetime expiry behaviorcorresponding to the key lifetime expiry behavior parameter of the mediagateway controller.
 14. The system according to claim 8, wherein the keyexpiry event is a master key expiry event, and the media gateway isconfigured caused to detect lifetime status information of a mediastream transmission master key according to the received master keyexpiry event; when determining that a lifetime of the media streamtransmission master key expires, to execute the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parameter ofthe media gateway controller.
 15. The system according to claim 8,wherein a condition for determining that a lifetime of the media streamtransmission key expires is that, the number of packets that aretransmitted by using the media stream transmission key reaches a maximumnumber that is set for the media stream transmission key.
 16. Anoperating method for a media stream transmission key, comprising:receiving, by a media gateway, a key expiry event and a key lifetimeexpiry behavior parameter delivered by a media gateway controller,wherein the key lifetime expiry behavior parameter instructs the mediagateway to execute, when the media stream transmission key expires, acorresponding key lifetime expiry behavior; detecting, by the mediagateway, lifetime status information of the media stream transmissionkey according to the received key expiry event; and when the mediagateway determines that a lifetime of the media stream transmission keyexpires, executing, by the media gateway, the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parameter;wherein the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter comprises at least one of thefollowing: closing a media stream and sending a media stream closemessage, or reporting the key expiry event to the media gatewaycontroller, without sending a media stream close message, wherein thereported key expiry event carries a key expiry indication parameterwhich indicates whether or not the media stream transmission key isstill used.
 17. The method according to claim 16, wherein the key expiryevent comprises a key type parameter, and the media gateway detectslifetime status information of the media stream transmission key of aspecified type according to the key expiry event comprising the key typeparameter; when the media gateway determines that the lifetime of themedia stream transmission key of the specified type expires, the mediagateway executes the key lifetime expiry behavior corresponding to thekey lifetime expiry behavior parameter of the media gateway controller.18. The method according to claim 16, wherein the key expiry eventcomprises a key identifier parameter, and the media gateway detectslifetime status information of the media stream transmission key with aspecified identifier according to the key expiry event comprising thekey identifier parameter; when the media gateway determines that thelifetime of the media stream transmission key with the specifiedidentifier expires, the media gateway executes the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parameter ofthe media gateway controller.
 19. The method according to claim 16,wherein the key expiry event is a master key expiry event, and the mediagateway detects lifetime status information of a media streamtransmission master key according to the received master key expiryevent; when the media gateway determines that a lifetime of the mediastream transmission master key expires, the media gateway executes thekey lifetime expiry behavior corresponding to the key lifetime expirybehavior parameter of the media gateway controller.
 20. The methodaccording to claim 16, wherein a condition for determining that thelifetime of the media stream transmission key expires is that, thenumber of packets that are transmitted by using the media streamtransmission key reaches a maximum number that is set for the mediastream transmission key.
 21. A media gateway, comprising a memory and aprocessor, and when executable program code stored in the memory isexecuted by the processor, the media gateway is caused to: receive a keyexpiry event and a key lifetime expiry behavior parameter that aredelivered by a media gateway controller, wherein the key lifetime expirybehavior parameter instructs the media gateway to execute, when a mediastream transmission key expires, a corresponding key lifetime expirybehavior; detect lifetime status information of the media streamtransmission key according to the key expiry event that is delivered bythe media gateway controller and received by the receiving module; judgewhether a lifetime of the media stream transmission key expires; andexecute the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter delivered by a media gatewaycontroller, when the lifetime of the media stream transmission keyexpires; wherein the key lifetime expiry behavior corresponding to thekey lifetime expiry behavior parameter comprises at least one of thefollowing: closing a media stream and sending a media stream closemessage, or reporting the key expiry event to the media gatewaycontroller, without sending a media stream close message, wherein thereported key expiry event carries a key expiry indication parameterwhich indicates whether or not the media stream transmission key isstill used.
 22. The media gateway according to claim 21, wherein themedia gateway is further caused to: receive a key expiry eventcomprising a key type parameter; detect lifetime status information ofthe media stream transmission key of a specified type according to thekey expiry event that is delivered by the media gateway controller;judge whether the lifetime status information of the media streamtransmission key of the specified type expires; and execute the mediastream transmission key lifetime expiry behavior corresponding to thekey lifetime expiry behavior parameter of the media gateway controller,when the lifetime of the media stream transmission key of the specifiedtype expires.
 23. The media gateway according to claim 21, wherein mediagateway is further caused to: receive a key expiry event comprising akey identifier parameter; detect lifetime status information of themedia stream transmission key with a specified identifier according tothe key expiry event that is delivered by the media gateway controller;judge whether the lifetime status information of the media streamtransmission key with the specified identifier expires; and execute thekey lifetime expiry behavior corresponding to the key lifetime expirybehavior parameter of the media gateway controller, when the lifetime ofthe media stream transmission key with the specified identifier expires.24. The media gateway according to claim 21, wherein the media gatewayis further caused to: receive a master key expiry event; detect lifetimestatus information of a media stream transmission master key accordingto the master key expiry event; judge whether the lifetime statusinformation of the media stream transmission master key expires; andexecute the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter of the media gateway controller, whena lifetime of the media stream transmission master key expires.
 25. Themedia gateway according to claim 21, wherein a condition for determiningthat the lifetime of the media stream transmission key expires is that,the number of packets that are transmitted by using the media streamtransmission key reaches a maximum number that is set for the mediastream transmission key.
 26. An operating system for a media streamtransmission key, comprising a media gateway controller and a mediagateway, wherein the media gateway controller comprising a memory and aprocessor, and when executable program code stored in the memory isexecuted by the processor, the media gateway controller is caused tosend a key expiry event and a key lifetime expiry behavior parameter tothe media gateway, wherein the key lifetime expiry behavior parameterinstructs the media gateway to execute, when the media streamtransmission key expires, a corresponding key lifetime expiry behavior;and wherein the media gateway comprising a memory and a processor, andwhen executable program code stored in the memory is executed by theprocessor, the media gateway is caused to: receive the key expiry eventand the key lifetime expiry behavior parameter sent by the media gatewaycontroller; according to the received key expiry event that is deliveredby the media gateway controller, detect lifetime status information ofthe media stream transmission key; judge whether a lifetime of the mediastream transmission key expires; and when determining that the lifetimeof the media stream transmission key expires, execute the key lifetimeexpiry behavior corresponding to the key lifetime expiry behaviorparameter; wherein the key lifetime expiry behavior corresponding to thekey lifetime expiry behavior parameter comprises at least one of thefollowing: closing a media stream and sending a media stream closemessage, or reporting the key expiry event to the media gatewaycontroller, without sending a media stream close message, wherein thereported key expiry event carries a key expiry indication parameterwhich indicates whether or not the media stream transmission key isstill used.
 27. The system according to claim 26, wherein the key expiryevent comprises a key type parameter; the media gateway is caused todetect lifetime status information of the media stream transmission keyof a specified type according to the key expiry event comprising the keytype parameter, when determining that the lifetime of the media streamtransmission key of the specified type expires, to execute the keylifetime expiry behavior corresponding to the key lifetime expirybehavior parameter of the media gateway controller.
 28. The systemaccording to claim 26, wherein the key expiry event comprises a keyidentifier parameter; the media gateway is caused to detect lifetimestatus information of the media stream transmission key with a specifiedidentifier according to the key expiry event comprising the keyidentifier parameter; when determining that the lifetime of the mediastream transmission key with the specified identifier expires, toexecute the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter of the media gateway controller. 29.The system according to claim 26, wherein the key expiry event is amaster key expiry event, and the media gateway is caused to detectlifetime status information of a media stream transmission master keyaccording to the received master key expiry event; when determining thata lifetime of the media stream transmission master key expires, toexecute the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter of the media gateway controller. 30.The system according to claim 26, wherein a condition for determiningthat the lifetime of the media stream transmission key expires is that,the number of packets that are transmitted by using the media streamtransmission key reaches a maximum number that is set for the mediastream transmission key.
 31. An operating method for a media streamtransmission key, comprising: sending, by a media gateway controller, akey expiry event including a key lifetime expiry behavior parameter to amedia gateway, wherein the key lifetime expiry behavior parameter isused to instruct the media gateway to execute, when the media streamtransmission key expires, a corresponding key lifetime expiry behavior;receiving, by the media gateway, the key expiry event from the mediagateway controller; detecting, by the media gateway, lifetime statusinformation of the media stream transmission key according to thereceived key expiry event; and when the media gateway determines that alifetime of the media stream transmission key expires, executing, by themedia gateway, the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter delivered by the media gatewaycontroller; wherein the key lifetime expiry behavior corresponding tothe key lifetime expiry behavior parameter comprises: closing a mediastream and sending a media stream close message.
 32. The methodaccording to claim 31, wherein the key expiry event is a master keyexpiry event, and the media gateway detects lifetime status informationof a media stream transmission master key according to the receivedmaster key expiry event; when the media gateway determines that alifetime of the media stream transmission master key expires, the mediagateway executes the key lifetime expiry behavior corresponding to thekey lifetime expiry behavior parameter of the media gateway controller.33. The method according to claim 31, wherein a condition fordetermining that a lifetime of the media stream transmission key expiresis that, the number of packets that are transmitted by using the mediastream transmission key reaches a maximum number that is set for themedia stream transmission key.
 34. The method according to claim 31,further comprising: reporting, by the media gateway, the key expiryevent to the media gateway controller after the media gateway determinesthat the lifetime of the media stream transmission key expires.
 35. Anoperating method for a media stream transmission key, comprising:sending, by a media gateway controller, a key expiry event and a keylifetime expiry behavior parameter to a media gateway, wherein the keylifetime expiry behavior parameter is used to instruct the media gatewayto execute, when the media stream transmission key expires, acorresponding key lifetime expiry behavior; receiving, by the mediagateway, the key expiry event and the key lifetime expiry behaviorparameter from the media gateway controller; detecting, by the mediagateway, lifetime status information of the media stream transmissionkey according to the received key expiry event; and when the mediagateway determines that a lifetime of the media stream transmission keyexpires, executing, by the media gateway, the key lifetime expirybehavior corresponding to the key lifetime expiry behavior parameter;wherein the key lifetime expiry behavior corresponding to the keylifetime expiry behavior parameter comprises: closing a media stream andsending a media stream close message.
 36. The method according to claim35, wherein the key expiry event is a master key expiry event, and themedia gateway detects lifetime status information of a media streamtransmission master key according to the received master key expiryevent; when the media gateway determines that a lifetime of the mediastream transmission master key expires, the media gateway executes thekey lifetime expiry behavior corresponding to the key lifetime expirybehavior parameter of the media gateway controller.
 37. The methodaccording to claim 35, wherein a condition for determining that thelifetime of the media stream transmission key expires is that, thenumber of packets that are transmitted by using the media streamtransmission key reaches a maximum number that is set for the mediastream transmission key.
 38. The method according to claim 35, furthercomprising: reporting, by the media gateway, the key expiry event to themedia gateway controller after the media gateway determines that thelifetime of the media stream transmission key expires.